CVE-2018-7803 - OpenCVE

A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Schneider-electric	Triconex Tristation Emulator

Configuration 1 [-]

cpe:2.3:a:schneider-electric:triconex_tristation_emulator:1.2.0:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03

History

No history.

MITRE

Status: PUBLISHED

Assigner: schneider

Published: 2019-05-22T20:08:29

Updated: 2024-08-05T06:37:59.619Z

Reserved: 2018-03-08T00:00:00

Link: CVE-2018-7803

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-05-22T21:29:00.277

Modified: 2020-08-24T17:37:01.140

Link: CVE-2018-7803

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Triconex TriStation Emulator V1.2.0", "vendor": "n/a", "versions": [{"status": "affected", "version": "Triconex TriStation Emulator V1.2.0"}]}], "descriptions": [{"lang": "en", "value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant."}], "problemTypes": [{"descriptions": [{"description": "Improper Check for Unusual or Exceptional Conditions", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-22T20:08:29", "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "shortName": "schneider"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cybersecurity@schneider-electric.com", "ID": "CVE-2018-7803", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Triconex TriStation Emulator V1.2.0", "version": {"version_data": [{"version_value": "Triconex TriStation Emulator V1.2.0"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Check for Unusual or Exceptional Conditions"}]}]}, "references": {"reference_data": [{"name": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03", "refsource": "MISC", "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T06:37:59.619Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03"}]}]}, "cveMetadata": {"assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb", "assignerShortName": "schneider", "cveId": "CVE-2018-7803", "datePublished": "2019-05-22T20:08:29", "dateReserved": "2018-03-08T00:00:00", "dateUpdated": "2024-08-05T06:37:59.619Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:triconex_tristation_emulator:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AB9CF5BE-97F7-4585-B9DF-B42D5EFE914D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex TriStation Emulator V1.2.0, which could cause the emulator to crash when sending a specially crafted packet. The emulator is used infrequently for application logic testing. It is susceptible to an attack only while running in off-line mode. This vulnerability does not exist in Triconex hardware products and therefore has no effect on the operating safety functions in a plant."}, {"lang": "es", "value": "Una CWE-754: Existe una vulnerabilidad de Comprobaci\u00f3n Inapropiada para condiciones inusuales o excepcionales en Triconex TriStation Emulator V1.2.0, que podr\u00eda hacer que el emulador se bloquee al enviar un paquete creado especialmente. El emulador se utiliza con poca frecuencia para pruebas l\u00f3gica de aplicaci\u00f3n. Es susceptible a un ataque solo mientras se ejecuta en modo Off-Line. Esta vulnerabilidad no existe en los productos de hardware de Triconex y por lo tanto no tiene efectos en las funciones de seguridad operativa en una planta."}], "id": "CVE-2018-7803", "lastModified": "2020-08-24T17:37:01.140", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-22T21:29:00.277", "references": [{"source": "cybersecurity@se.com", "tags": ["Vendor Advisory"], "url": "https://www.schneider-electric.com/ww/en/download/document/SEVD-2019-071-03"}], "sourceIdentifier": "cybersecurity@se.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-754"}], "source": "nvd@nist.gov", "type": "Primary"}]}